CDT IN CYBER SECURITY

MINI-PROJECTS 2015

Andrew Martin

Mini-projects allow CDT students to explore two research projects, and to develop working
relationships with supervisors and external partners, before committing to a long-term substantive
project. This document describes the process we expect to follow for the 2015 mini-projects,
presents some background information on the concept, and gives pointers to examples of past mini-
projects.

Key Dates
October-November 2014 Outline Ideas Solicited
17th November 2014 Deadline for outline ideas
17th-21st November 2014 Presentation and Initial Discussion Week: Reading
Week and launch of mini-project selection process

18th November 2014 Presentations to students about mini-project

November 2014-February 2015
end of December 2014
2nd – 6th March 2015
20th March 2015
27th April 2015 – 26th June 2015
13th July 2015 – 18th Sept 2015
28th September 2015 – 2nd October 2015
1st October 2015
opportunities
Discussions between students, academic supervisors
and external parties, leading to firm project outlines
Students expected to have a short-list of possible
projects
Second Reading Week: deadline for firm project
outlines
Formal deadline for mini-project sign-off
Period for Mini-Project 1 (nine weeks)
Period for Mini-Project 2 (nine weeks)
Student vivas
Showcase day

Process

Outline Ideas
The first stage is to develop possible themes and ideas for projects. These can come from academic
supervisors or from external partners. The information sought is:

 Proposer/Sponsor
 Title
 Keywords
 Which CDT Theme the project fits (big data, assurance, cyber-physical, real time)
 Description (optional, but probably helpful in attracting attention)

Exceptionally, there will be a few projects which fall outside the stated CDT Themes – but we expect
these to be relatively rare.

1
Please send these to David.Hobbs@cs.ox.ac.uk. A plain-text email will suffice for this. These will be
collated and shared with the students in the form received.

Presentation and Initial Discussion

This will take place in the week indicated. Students will have access to the outline ideas received
(and any late additions). External partners are invited to make presentations around these ideas –
chiefly on the Tuesday as shown above, but optionally on other days of the week. Ideally these will
be in-person, seminar style, but presentations via Skype or similar means can also be arranged. We
will allow time for informal meetings of students, ideally with potential supervisors present also.

Extended Discussion
Those students/projects/pairings which seem to have promise can be explored over the following
months. Students will be encouraged to develop a short-list, and begin to refine ideas for what is
feasible. In this phase, further input from supervisors and partners will be helpful in determining
exactly what might be achieved during the mini-project. As the short-list shortens, the descriptions
should lengthen, beginning to take shape as full project proposals (according to a pro forma
provided).

Firm Proposals
By the end of the second reading week, each student should have two firm project proposals
complete – within the format set by the pro forma. The details should be acceptable to the student,
prospective supervisor, and, where relevant, external partner. These will then be reviewed by a sub-
committee of the academic board, and signed off (or sent back for more detail, as needed).

2
Background Information

Objective
The objectives of the mini-projects are:

 to give each student experience in undertaking a small research project, one which could
seed or turn into a substantive DPhil project;
 by undertaking two projects, with different supervisors (and often different academic
departments), to ensure that each student explores some diversity of topic, before settling
on their substantive research;
 to provide a means by which the CDT and partner organisations (companies, government
departments, etc.) can develop relationships – whether leading to support for a DPhil
project or some other engagement;
 by providing students with a menu of projects, to shape the overall research of the CDT
according to the original proposal and subsequent guidance from the Advisory Panel;
 to put potential academic supervisors from within the University in touch with the group of
CDT students, giving an opportunity to explore potential research ideas of mutual interest.

Project Characteristics
A good project will:

 provide worthwhile results, leading to a written report (ideally, publishable at an academic

research workshop) within the nine weeks allotted; students are also asked to produce a
poster, and to share results in other ways, as appropriate;
 be based on a realistic problem or challenge;
 be substantially an individual piece of work (collaborative work with other students or
supporters etc. is possible, but the student’s contribution should be clearly defined and
measurable);
 build upon, but not be constrained by, the content of and skills learned in the taught courses
in the CDT;
 have an enthusiastic supporter/mentor from an external organisation and active
engagement of a supervisor in the University (the first is optional; the second mandatory);
 be capable of extension into a bigger project, motivate a bigger project, or (if necessary)
demonstrate the infeasibility of an intended bigger project.
 ideally involve some original, creative work/research (in contrast to being purely a literature
survey, say).

The majority of projects will have an external supporter, but this is not mandatory. Some projects
will have a Department of the University in the role of supporter (i.e. defining a problem domain, but
not necessarily providing academic supervision of the student’s work). Where there is a supporter,
the project could entail:

 supporter poses a problem succinctly in a document or meeting at the start of the project,
then provides limited feedback at one or two points later in the project;

3
  student attends the offices (etc.) of the external supporter (perhaps for several days) near
the start of the project, to define and scope the work, does most of the work in Oxford, but
returns periodically to update the supporter during the project;
 student entirely embedded in the supporting company for the duration of the project, in a
form of internship. In this case, it is crucial that the project be clearly defined as a piece of
advanced (academic) research, and not merely some use of pre-existing skills or general
project work.

Close engagement is generally desirable, subject to logistical challenges. Visits to companies will
entail some costs. Wherever possible, we would encourage supporting companies to cover the
student’s travel and living expenses for those visits.

Proposal Pro Forma

The Pro Forma asks for the following information:

Project Title
Objectives
Research outline
preferably with milestones and, where relevant, deliverables

Overall theme of project

Description of how it may fit into a more substantive DPhil project
where relevant

Academic Supervisor and Department

must be from within the University of Oxford

Supporter(s)/Partner(s)
Pattern of work
How much in Oxford, how much elsewhere; where?

Resources needed
and means of securing them

Support (travel etc.) available to the student

Timeslot(s)
Arrangements needed for intellectual property, non-disclosure, confidentiality, and other
similar issues.
Indicate any known timing constraints

Project risks and mitigation strategy

Approvals needed, and steps being taken to secure these
ethical (CUREC) approval; other waivers (University IT rules, etc.); OfCom/Home Office licences; etc.

Role of the Supervisor

As with any research project, the role of the supervisor is to provide direction and guidance to the
student in methods of undertaking research, and how to report on it. Given the relatively short
period of the mini-project, it is important that a good working relationship is established quickly, and
that expectations on both sides are clear. If the supervisor expects to be unavailable for meetings

4
for an extended period (more than two weeks) then some alternative arrangements need to be
made.

The supervisor should normally be a Senior Member of the University – that is, someone whom a
Faculty would permit to supervise DPhil research. For the mini-projects, the responsibility may fall
to other research staff, but it is important to have regard to the need for a suitable supervisor for
any substantive research project which may arise from the mini-project. Joint supervision is
acceptable – but it should reflect an interest in the fields of the joint supervisors, not a means to get
around other rules.

Themes
The CDT has four big research themes. They are intended to be interpreted creatively and broadly.
The great majority of the research projects (mini projects and later substantive DPhil projects)
should fall into one of these themes, but in particular circumstances it may be possible to pursue a
project with no clear link to them. Cases of doubt should be discussed with the CDT Director at an
early stage. At a minimum, every student should undertake at least one mini project that clearly falls
into one of the themes. In ensuring diversity, they should consider selecting mini-projects from two
different themes, but this will not always be possible or appropriate.

Each theme has a Champion whose role is to help to solicit project proposals, match academic
supervisors and external partners, and ensure wide coverage.

Theme Sample Topics Champion

Security in ‘Big Data’ the acquisition, management, and exploitation of data in a wide variety of David
contexts. Security and privacy concerns often arise here – and may conflict
Wallom
with each other – together with issues for public policy and economic
concerns. Not only must emerging security challenges be addressed, new
potential attack vectors arising from the volume and form of the data, such as
enhanced risks of de-anonymisation, must be anticipated – having regard to
major technical and design challenges. A major application area for this
research is in medical research, as the formerly expected boundaries between
public data, research, and clinical contexts crumble: in the handling of genomic
data, autonomous data collection, and the co-management of personal health
data.

Cyber-Physical the integration and interaction of digital and physical environments, and their
emergent security properties; particularly relating to sensors, mobile devices,
Security
the internet of things, and smart power grids. In this way, we augment
conventional security with physical information such as location and time,
enabling novel security models. Applications arise in critical infrastructure
monitoring, transportation, and assisted living.

Effective Systems formal methods for modelling and abstraction applied to hardware and Michael
software verification, proof of security, and protocol verification.
Verification and wider process context extending to procurement and supply chain Goldsmith
Assurance management, as well as criminology and malware analysis, high-assurance
systems, and systems architectures

Real-Time Security arises in both user-facing and network-facing tools. the technologies which Ivan
make possible continuous authentication based on user behaviour, evolving
access control making decisions based on past behaviour instead of a static Martinovic
policy, visual analytics and machine learning applied network security
management, anomaly detection, and dynamic reconfiguration. These pieces
contribute in various ways to an integrated goal of situational awareness.

5
Intellectual Property, Ownership, and Confidentiality
The University’s normal position – constructed via staff and student contracts – is that research
undertaken by students it the course of their study belongs to the University. Profits deriving from
the research are shared with the individuals concerned, according to well-defined and reasonably
generous rules.

Where a sponsor is committing significant resources or knowhow to a project, it is possible to

negotiate other terms. If such a need is anticipated – whether for a mini-project or a substantive
DPhil project – it should be indicated as early as possible, to allow time for the necessary legal
negotiations to take place. Clearly, it is better if such issues are avoided – but not if this artificially
restricts the scope of the research. Likewise, it is better to anticipate potentially-valuable IP before a
project starts than to run into difficulties later.

The report generated by the student should be capable of publication, but it is normally important
that it describe all the substantive work undertaken. Where necessary, it can be handled on a
privileged and confidential basis, to allow time for filing of patents, etc. Where the report is to
contain other sensitive data, it may be possible similarly to handle it on a confidential basis or to
deliver it in two parts, one with restricted circulation – but this should be discussed as early as
possible with the CDT director.

Confidentiality and non-disclosure agreements may be needed, regardless of the publication terms
of the final report, for the students and supervisors during the project, and possibly for other CDT
staff. These should be arranged with the CDT at the earliest opportunity.

Where suitable clearances and working arrangements are in place, there is no restriction on a
project using government protectively-marked material – but regard should be had to the needs of
the report to be produced, almost certain to be unclassified.

Budget and Resources

The CDT has (very) limited funds for student travel (preferring to reserve most of them for travel to
conferences, etc.). Supporters are encouraged to help students to cover costs of visits wherever
possible. Stipend top-ups are welcome, and the CDT can advise on the most effective ways to pay
these.

Students are provided with basic desktop computing facilities (and support for running virtual
machines). Other requirements for equipment, specialized networks, etc., will normally need to be
met by supporters or by supervisors’ grants. Strategic purchases by the CDT may be considered.
Where sponsors are able to supply equipment, software, and expertise, the CDT will run a resource
pool and help to connect students to these resources whenever possible.

Previous Projects
Our web portal contains links to: abstracts of projects from the first cohort of students are provided
in a separate document; full reports from those projects (these are being finalized and will be linked
as they become available); posters arising from those projects. We also offer the list of project
proposals from 2014. The portal is: https://weblearn.ox.ac.uk/portal/hierarchy/105f84e7-684f-
4244-9196-c7c189c84f18.